The WebSphere Application Server automatic repository checkpoints must be enabled to track configuration changes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-81197 | WBSP-AS-000120 | SV-95911r1_rule | CCI-000067 | medium |
| Description | ||||
| Without enabling repository checkpoints, you will not be able to determine the history of changes to WebSphere configuration files, and who made those changes. | ||||
| STIG | Date | |||
| IBM WebSphere Traditional V9.x Security Technical Implementation Guide | 2018-08-24 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-17(1)
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.12
1.00
- DISA · 1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000067
1.00
- DISA · 1 · disa_xccdf · related
Details
Check Text (C-95911r1_chk)
Review System Security Plan documentation.
Identify the required "Automatic CheckPoint Depth" setting that has been defined.
From administrative console, click System administration >> Extended repository service.
If "Enable automatic repository checkpoints" is not selected or if the "automatic checkpoint depth" is less than the number of saves defined in the System Security Plan, this is a finding.
Fix Text (F-87975r1_fix)
From administrative console click System administration >> Extended repository service >> Enable automatic repository checkpoints.
Enter a "checkpoint depth value" according to the security plan.
Restart the DMGR and all the JVMs.